SecurityWeek reports that Morgan Stanley has been imposed a $6.5 million fine for its failure to properly remove unencrypted data from decommissioned devices that may have exposed millions of customers’ sensitive information. Investigation into the financial services firm revealed that thousands of hard drives with customer data had been decommissioned through a moving company without any expertise in destroying data, while another decommissioning process saw unencrypted data from 42 missing servers, which stemmed from an encryption software vulnerability.

Source: SC Magazine